Internet/intranet access mechanism

ABSTRACT

A method connects one of several customer premises equipment (CPE) via an ATM network to one of several service providers (SP). Each CPE is connected to the ATM network via a corresponding network termination point (NT). There is an access server function (ASF), having a permanent virtual connection (PVC) to each NT and a connection to each SP. A tunneling protocol is established on the permanent virtual connection between each NT and the ASF. The tunneling protocol is able to support an integrated signaling protocol. The CPE or its user selects an appropriate SP by using the integrated signaling protocol. Routing from the CPE to the selected SP is performed by the ASF. The ASF connects the CPE to the selected SP using the integrated signaling protocol.

BACKGROUND OF THE INVENTION

The invention relates to a mechanism for accessing the Internet via an ATM (Asynchronous Transfer Mode) network. Within the context of this application, ‘Internet’ should be interpreted broadly to cover any large-area networks using Internet Protocols (IP). Especially it is the applicant's intention to include future developments, such as Internet 2 or NGI (‘Next generation Internet’), and corporate networks, commonly referred to as intranets or extranets.

A person designing an Internet access mechanism faces several issues, such as interoperability, security, billing, economic use of IP addresses, and how to make the best use of installed equipment, etc.

From references [1, Kwok et al.] and [2, Nilsson et al.] are known Internet access mechanisms for connecting each of several customer premises equipment (abbreviated “CPE”) via an ATM network to one of several service providers (SP). The concept of service provider comprises Internet service providers (ISP), content providers (CP, for video-on-demand, etc.), and corporate network servers (CNS, for telecommuting, etc.).

Referring to FIG. 1, CPEs are connected to the ATM network at network termination points (NT). A typical NT, such as NT1 in FIG. 1, is a network gateway having a network interface for the customer's local area network, LAN, and another interface towards the ATM network. Alternatively, a personal computer PC or a workstation WS can be connected directly (without a LAN) to the ATM network by means of an ATM/ADSL adapter card (shown as NT2), which in this case is the NT. In both cases, there is a well-defined NT for each CPE (although one NT may serve several CPEs). According to both cited references, the network comprises an access server function, or ASF, having a connection to each NT and each SP such that each NT has a permanent connection or a permanent virtual connection to the ASF. The wording ‘access server function’ implies that the ASF can be a dedicated network element or it can be integrated into or co-located with another network element, such as an ATM switch. In the cited references, the ASF has been referred to as an ‘access node’/‘DSLAM’ (digital subscriber line access multiplexer) or an ‘edge router’. It should be noted that the difference between ‘permanent connection’ and ‘permanent virtual connection’ has become rather blurred and later in this application, only ‘permanent virtual connection’ (PVC) will be used.

A problem of the known Internet access mechanisms is that they do not give a satisfactory answer to the following problem: How can a specific end-user be connected to the desired service provider with a minimal number of permanent virtual circuits (PVCs) with a possibility of end-user authentication taking place only at the ends of the PVCs (not necessarily at the ASF)?

DISCLOSURE OF THE INVENTION

An object of the invention is to solve or at least minimise the problem associated with the prior art access mechanisms. The object is achieved with a method and equipment which are characterized by what is disclosed in the attached independent claims. Preferred embodiments of the invention are disclosed in the attached dependent claims.

The invention is based on establishing a tunnelling protocol on the permanent virtual connection between each CPE or NT and the ASF, wherein the tunnelling protocol is able to support an integrated signalling protocol. Selecting an appropriate SP is based on the integrated signalling protocol. Routing to the selected SP is performed by the ASF. Finally, the ASF connects the CPE or NT to the selected SP using the integrated signalling protocol.

Within the context of this application, ‘tunnelling protocol’ refers to a protocol which allows creating and maintaining virtual private sessions via various network media such as IP, ATM, Frame Relay, etc. Correspondingly, ‘integrated signalling protocol’ (i.e. a signalling protocol integrated into the tunnelling protocol) refers to a control protocol which is used for creating, maintaining and releasing these sessions.

Implementation of the invention, however, raises two new issues: the ATM network must provide non-ATM functions in the ASF, and, unless properly dimensioned, the ASF can be a performance bottleneck. Such non-ATM functions performed by the ASF include functions above the ATM layer for the user connections, namely SAR/AAL5, the entire tunnelling protocol and selecting the SP by L2 signalling. These functions require appropriate administration. After a careful study of the pros and cons of the invention, it will be observed that there are situations where the advantages of the invention justify the added complexity of the ASF.

According to a preferred embodiment of the invention, one permanent virtual connection PVC is provided from the ASF to each SP. Alternatively, there is provided a pool of permanent virtual connections from the ASF to each SP. One PVC is allocated to each CPE from this pool. As a further option, it is possible to establish one switched virtual connection (SVC) from the ASF to each SP, on the basis of signalling which the ASF receives from the CPE via the tunnelling protocol.

The tunnelling protocol can be established only in response to detecting appropriate user activity in a CPE. Alternatively, the tunnelling protocol can be permanent and the integrated signalling is initiated and the user is authenticated only in response to detecting appropriate user activity in the CPE. According to a further preferred embodiment, the user is authenticated twice, first by the ASF using the tunnelling protocol, and then by the SP.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described in more detail by means of preferred embodiments with reference to the appended drawing in which:

FIG. 1 is a block diagram illustrating the Internet/intranet access mechanism according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is a block diagram comprising several customer premises equipment CPE, connected via network termination points NT to an access server function ASF according to the invention. The ASF can be a dedicated network element, or it can be integrated into or co-located with another network element, such as an ATM switch (which is known to a skilled person and not shown separately).

The ASF provides access from each CPE to several service providers SP, such as Internet service providers ISP, content providers CP and corporate networks CN. The invention requires no changes to the construction or operation of the SP equipment. Instead, the invention can be implemented in the ASF and the NT. There is preferably one permanent virtual connection (PVC) between each NT and the ASF.

In the embodiment shown in FIG. 1, there is one PVC from NT2 (in the workstation WS) to the ASF. Also, assuming that at least one of the personal computers PC is active, there is also a PVC from NT1 to the ASF. All the personal computers PC connected to the LAN share the PVC between NT1 and the ASF. According to a preferred embodiment of the invention, there is a tunnelling protocol, such as L2TP (Layer 2 Tunnelling Protocol), on the PVC from each active PC to the NT. The tunnelling protocol combines the sessions and signalling from all active PCs into a single tunnel from the NT to the ASF. The tunnelling protocol must be able to support an integrated signalling protocol. The end user (i.e. the person using the CPE or a software agent being executed in the CPE) selects an appropriate SP by using the integrated signalling protocol. Routing to the selected SP is performed by the ASF. Finally, the ASF connects the CPE or NT to the selected SP using the integrated signalling protocol.

Reference 11 points to a preferred protocol stack at the NT and reference 12 points to a preferred protocol stack at the ASF. (The workstation WS connected to NT2 without a LAN needs a simpler protocol stack, consisting only of the right half of the protocol stack 11, i.e. PPP, L2TP, AAL5, ATM, and PHY.) Having point-to-point connectivity PPP over L2TP provides end-to-end security. In other words, it is not necessary for the ASF to authenticate the user, although the ATM operator may still choose to do so, in order to charge the subscriber for the duration of the session. However, even in this case, the end-user's choice of SP is not known to the ATM operator, which is a clear benefit to the owners of the SPs.

The preferred embodiment saves a considerable number of PVCs over the prior art access mechanisms. Let us calculate an example case of 10 000 customers and 8 SPs and 20 ASFs (one ASF per 500 CPE). If all customers need access to all SPs, the prior art access mechanisms require a separate PVC for each customer/SP combination, i.e. in this example 8*10 000=80 000 PVCs. In comparison, the mechanism according to the invention requires a PVC only for each customer and each ASF/SP combination, i.e. 10 000+8*20=10 160 PVCs. (This number is not perfectly accurate since some ASF/SP connections can be switched virtual connections, SVC.)
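The session dispatch described for the ASF and the PVC count worked through above can be modelled together. This is an added sketch, not part of the patent text: the class, function and SP names are hypothetical, it models connection bookkeeping only (no L2TP framing), and releasing an idle ASF/SP link on close is an assumption standing in for the switched (SVC) option.

```python
class AccessServerFunction:
    """Toy ASF: one PVC per NT, one virtual connection per selected SP."""

    def __init__(self, service_providers):
        self.service_providers = set(service_providers)  # SPs this ASF can reach
        self.nt_pvcs = set()   # NTs holding a PVC to this ASF
        self.sp_links = {}     # SP -> number of sessions carried on the ASF/SP link
        self.sessions = {}     # (nt, session_id) -> selected SP

    def attach_nt(self, nt):
        self.nt_pvcs.add(nt)

    def open_session(self, nt, session_id, sp):
        """Handle a new-session request signalled inside the NT's tunnel."""
        if nt not in self.nt_pvcs:
            raise LookupError(f"no PVC provisioned for {nt}")
        if sp not in self.service_providers:
            raise ValueError(f"unknown service provider {sp}")
        if (nt, session_id) in self.sessions:
            raise ValueError("session id already in use on this tunnel")
        # The ASF/SP link is formed on first use and shared afterwards.
        self.sp_links[sp] = self.sp_links.get(sp, 0) + 1
        self.sessions[(nt, session_id)] = sp

    def route(self, nt, session_id):
        """Look up the SP per (tunnel, session) so sessions sharing a PVC never mix."""
        return self.sessions[(nt, session_id)]

    def close_session(self, nt, session_id):
        sp = self.sessions.pop((nt, session_id))
        self.sp_links[sp] -= 1
        if self.sp_links[sp] == 0:
            del self.sp_links[sp]  # assumption: idle link released, as an SVC would be

    def connection_count(self):
        return len(self.nt_pvcs) + len(self.sp_links)


def pvcs_prior_art(customers, sps):
    """One PVC per customer/SP combination."""
    return customers * sps


def pvcs_invention(customers, sps, asfs):
    """One PVC per customer plus one per ASF/SP combination."""
    return customers + sps * asfs
```
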

According to an alternative embodiment of the invention, there is a separate PVC from each active PC between the NT and the ASF. In this case, implementation of the NT is easier because the tunnels from the PCs do not have to be combined (instead, all tunnels pass from the PCs, over the LAN, through the NT to the ASF).

The ATM operator's billing can be based on the time there is a PVC between the customer and the ASF. The invention simplifies this kind of billing because there is only one PVC from each customer. Also, when the customer changes the SP, a new PVC configuration is not needed.

Configuring and managing the NT device according to the invention, like the device itself, is rather simple. Only its LAN interface and its ATM interface require configuration: an IP address, a subnet mask and an ATM PVC. The latter can be received automatically, using a technique known as ILMI (Interim Local Management Interface) as defined by ATM Forum UNI (User to Network Interface) 3.1. ILMI supports bidirectional exchange of management information between UNI management entities related to the ATM layer and physical layer parameters. Correspondingly, the LAN interface can be configured automatically by a process known as DHCP (Dynamic Host Configuration Protocol), as defined by the Internet Software Consortium.

The description only illustrates preferred embodiments of the invention. The invention is not, however, limited to these examples, but it may vary within the scope of the appended claims.

References:

1. Kwok, Timothy et al: An Interoperable End-to-End Broadband Service Architecture over ADSL Systems, version 1.0, 3 Jun., 1997, available at address http://www.3com.com/xdsl/microwt.html at the priority date of this application.

2. Nilsson, Patrik et al: Anx—High-speed Internet Access, available at address http://www.ericsson.com/Review/er1b_(—)98/art4/art4.html at the priority date of this application. The www address implies that reference 2 was printed in Ericsson Review magazine.

Both cited references are incorporated herein by reference.

1. A method of connecting a plurality of customer premises equipment and service providers via an access node, the method comprising: connecting one or more CPEs to the access node via a network termination (NT) point; providing an access server function (ASF) at the access node; establishing a permanent virtual connection between the access node and the NT point; establishing a tunneling protocol integrated with a signaling protocol over the permanent virtual connection between the access node and the NT point; receiving, at the access node, a selection of a service provider from a customer premises equipment (CPE) via the signaling protocol; forming a virtual connection between the access node and a service provider (SP) of choice on receipt of a request for a new session from the CPE indicating the SP of choice; and at the access node, performing routing between the CPE and the SP using routing information provided by the signaling protocol.
2. A method as claimed in claim 1, further comprising selecting the service provider by signaling from the access node.
3. A method as claimed in claim 1, wherein the access server function is provided on a dedicated network element.
4. A method as claimed in claim 1, wherein the access server function is integrated into or co-located with an ATM switch.
5. A method as claimed in claim 1, wherein the access server function is integrated with a Digital Subscriber Line Access Multiplexer (DSLAM).
6. A method as claimed in claim 1, wherein the virtual connection comprises a permanent virtual connection.
7. A method as claimed in claim 1, wherein the virtual connection comprises a switched virtual connection.
8. A method as claimed in claim 1, wherein the service provider is one of an Internet service provider (ISP), a content provider, and a corporate network server.
9. A method as claimed in claim 1, further comprising: provisioning a pool of permanent virtual connections between the access node and the service provider; and selecting a permanent virtual connection from the pool of permanent virtual connections to be used for a plurality of the CPEs, the selected permanent virtual connection being used in the routing step to connect communication sessions to the service provider.
10. A method as claimed in claim 1, wherein the tunneling protocol comprises the Layer 2 Tunneling Protocol (L2TP).
11. A method as claimed in claim 1, wherein the tunneling protocol combines sessions and signaling from all active CPEs connected to the NT point into a single tunnel from the NT point to the access node.
12. A method as claimed in claim 1, wherein the NT point comprises a LAN interface configured automatically using a Dynamic Host Configuration Protocol (DHCP).
13. A method as claimed in claim 1, wherein the NT point comprises an ATM interface configured using an Interim Local Management Interface (ILMI) protocol.
14. A network element for connecting several customer premises equipment (CPE) to a service provider, the network element comprising: means for establishing a permanent virtual connection with a network termination (NT) point operating as an interface to at least one CPE; an access server function configured to, on receipt of a request for a new session from the CPE: establish a tunneling protocol integrated with a signaling protocol over the permanent virtual connection, receive a selection of a service provider from the CPE via the signaling protocol, and form a virtual connection to the service provider as selected from the CPE, so that only one virtual connection is formed between the network element and each service provider; and means for routing user data between the CPE and the service provider using routing information provided by the signaling protocol.
15. A network element as in claim 14, wherein the access server function is enabled on an ATM switch.
16. A network element as in claim 14, wherein the access server function is enabled on a Digital Subscriber Line Access Multiplexer (DSLAM).
17. A network element as in claim 14, wherein the virtual connection to the service provider comprises a permanent virtual connection.
18. A network element as in claim 14, wherein the virtual connection to the service provider comprises a switched virtual connection.
19. A network element as in claim 14, wherein the service provider is one of an Internet service provider (ISP), a content provider, and a corporate network server.
20. A network element as in claim 14, wherein the network element is further configured to establish one or more communication sessions via the permanent virtual connection.
21. A network element as in claim 20, further comprising: means for provisioning a pool of permanent virtual connections between the network element and the service provider; and means for selecting a permanent virtual connection from the pool of permanent virtual connections, wherein the means for routing connect the CPE to the service provider over the selected permanent virtual connection.
22. A network element as in claim 14, wherein the tunneling protocol comprises the Layer 2 Tunneling Protocol (L2TP).